From owner-freebsd-security Sat Dec 2 04:41:06 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id EAA11708 for security-outgoing; Sat, 2 Dec 1995 04:41:06 -0800
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id EAA11680 for ; Sat, 2 Dec 1995 04:40:40 -0800
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id XAA09388; Sat, 2 Dec 1995 23:33:07 +1100
Date: Sat, 2 Dec 1995 23:33:07 +1100
From: Bruce Evans
Message-Id: <199512021233.XAA09388@godzilla.zeta.org.au>
To: jkh@time.cdrom.com, msmith@atrad.adelaide.edu.au
Subject: Re: ****HELP*****
Cc: rdugaue@calweb.com, security@freebsd.org
Sender: owner-security@freebsd.org
Precedence: bulk

>> > Jordan; how hard would it be to generate a file with the md5's of a stock
>> > release system's "standard binaries" for this sort of thing?
>>
>> Probably not too hard. Let me think about it. You'd want a file
>> for each distrib, probably.

mtree -c -k md5digest -p / >/safe/all.md5

Bug: when run by non-root, this exits when it hits the unreadable file
sper4.036. It's as bad as wc :-(.

Worse bug: when run by root, this exits when it hits an unreadable file
in /proc. Some regular files aren't.

>And a script somewhere for checking it? Should we perhaps start looking at
>a SCO-like "perms" setup? Is this something that the security and ISP
>people would smile happily upon?

mtree -p /

>(ie. a distribution-wide listing of md5's, permissions and ownerships,
>burnt onto the release CD for security's sake 8)

mtree -c -k md5digest,mode,uid,gid -p / >/safe/all.md5

Bruce
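
The manifest-and-check run discussed in this message, as an added example that is not part of the original message and is not mtree's code: it records md5, mode, uid and gid per path like the last command above, but marks an unreadable file and keeps walking instead of exiting. The function names, the UNREADABLE marker and the sample tree are assumptions made for the illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def entry(path, algo="md5"):
    """Return (mode, uid, gid, digest); digest is None for non-regular files."""
    st = os.lstat(path)
    meta = (oct(stat.S_IMODE(st.st_mode)), st.st_uid, st.st_gid)
    if not stat.S_ISREG(st.st_mode):
        return meta + (None,)  # directories, symlinks, devices: metadata only
    h = hashlib.new(algo)
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    except OSError:  # no permission, or a /proc file that refuses reads
        return meta + ("UNREADABLE",)
    return meta + (h.hexdigest(),)

def build_manifest(root, algo="md5"):
    manifest = {}
    for dirpath, dirs, files in os.walk(root):  # os.walk skips unlistable dirs
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            try:
                manifest[os.path.relpath(full, root)] = entry(full, algo)
            except OSError:
                continue  # vanished between directory listing and lstat
    return manifest

def compare(baseline, current):
    """Return sorted (path, baseline_entry, current_entry) for every difference."""
    return [(p, baseline.get(p), current.get(p))
            for p in sorted(set(baseline) | set(current))
            if baseline.get(p) != current.get(p)]

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        target = Path(root, "login")
        target.write_bytes(b"stock binary")
        baseline = build_manifest(root)
        target.write_bytes(b"modified binary")
        Path(root, "extra").write_bytes(b"new file")
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```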